Commit Graph

318 Commits

Author SHA1 Message Date
Adam Ierymenko
2f00ae4fd7 Version 0.6.1: minor bug fix, DBM removal
This version removes the peer DBM present in earlier releases. It is not necessary for
regular clients and has been a source of problems.

There is a long-term identity cache that can be enabled by making a directory called
"iddb.d" in the home folder and restarting ZT1. This is probably something only our
supernodes would need, since regular nodes can easily WHOIS peers they've forgotten
about.

On shutdown, the peer database is dumped to disk. It's then restored on startup.
Peers that have not been used in a while are cleaned out, so this keeps this data
set small.

A DBM may re-appear later if it's needed, but for now it was YAGNI.
2013-10-21 14:22:02 -04:00
Adam Ierymenko
5e71e07f59 Add persistent identity caching for use on supernodes. Activate by just making an iddb.d directory in the ZeroTier home folder. Also clean up some obsolete cruft from makefiles. 2013-10-21 14:12:00 -04:00
Adam Ierymenko
40e4f39181 Peers are now dumped on shutdown in a persistence cache and reloaded on startup, which is good enough for clients right now. Supernodes will get something else for long-term authoritative identity caching. 2013-10-21 11:15:47 -04:00
Adam Ierymenko
6e217dfcb0 Get rid of DBM, which technically is a case of YAGNI. Supernodes will need a way to save identities, but that can be a different feature. Regular clients do not really need a permanent cache (yet). When/if we do need one we can do it then. Until then it only caused problems. 2013-10-21 10:29:44 -04:00
Adam Ierymenko
bbfd43e036 VERSION 0.6.0 BETA: please upgrade!
Version 0.6.0 marks the transition of ZeroTier One from ALPHA to BETA.
Major updates to the web site and binary packages for MacOS and Linux
are coming soon, followed by Windows soon thereafter.

This version contains a number of changes including:

 * Speed improvements to encryption
 * A new much-improved identity algorithm, which unfortunately requires an
   identity regeneration. This should happen automatically, and should be
   the last time for a good long while assuming there's nothing wrong with
   what's here.
 * Cleaned up the Network::Config mess in the code, factored out Config
   into its own NetworkConfig class.
 * Lots of work to support private networks, which are still in testing.
   Concurrent with the web site update will be another minor release to
   include any fixes there.
 * Some changes to the protocol for better future-proofing.
 * Netconf support for ARP caching parameters configurable on per-network
   basis.

You must update to stay connected to the network; this version will not
talk to 0.5.0. After this, I'm going to be much more reluctant to make
incompatible changes.
2013-10-20 16:14:27 -04:00
Adam Ierymenko
70655cc3f7 Docs and auto-update of Earth network ID. 2013-10-20 16:00:41 -04:00
Adam Ierymenko
c89cdcc3fd Blech... moving on! 2013-10-20 15:54:32 -04:00
Adam Ierymenko
1ed8a22d19 And then it turns out to be too slow on a slower 32-bit machine... we do want to do tablets eventually. 2013-10-20 15:46:36 -04:00
Adam Ierymenko
bad043729f Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it. 2013-10-20 15:31:32 -04:00
Adam Ierymenko
3c5c3280ff Fix an endian-non-neutrality bug in new hashcash identity algo. 2013-10-20 11:04:58 -04:00
Adam Ierymenko
8c9b73f67b Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance. 2013-10-18 17:39:48 -04:00
Adam Ierymenko
37e3bc3467 Bump version.h to version 0.6.0... almost there! 2013-10-18 16:59:15 -04:00
Adam Ierymenko
8d3dc3a44b Add commented out gprof makefile options to Linux build. 2013-10-18 16:51:05 -04:00
Adam Ierymenko
fbf6ab5d4d Bug fixes: inverted sense bug, printf format bug. 2013-10-18 16:27:07 -04:00
Adam Ierymenko
e13d4df9ab Forgot to set defaults if multicast parameters are unset. 2013-10-18 15:50:31 -04:00
Adam Ierymenko
fb7d9b1029 Oops we needed _r in there... 2013-10-18 15:00:55 -04:00
Adam Ierymenko
5ef758bbd4 Eliminate unused private field (compiler warning). 2013-10-18 14:27:37 -04:00
Adam Ierymenko
ca93b4a1ac Clean up some stuff, including a few spots where exceptions were not being handled correctly. 2013-10-18 14:16:53 -04:00
Adam Ierymenko
03b909603a Clean up the awful Network::Config mess and break that out into NetworkConfig. 2013-10-18 13:20:34 -04:00
Adam Ierymenko
5a8f213c23 Work in progress... 2013-10-18 12:01:48 -04:00
Adam Ierymenko
b10871cedc More work in netconf cleanup. 2013-10-18 11:01:41 -04:00
Adam Ierymenko
9f107dbd4e Work in progress on cleaning up netconf mess in node code... 2013-10-18 09:48:02 -04:00
Adam Ierymenko
e6eb65be00 Netconf support for ARP and NDP caching TTLs. 2013-10-17 16:49:31 -04:00
Adam Ierymenko
dd7758e33e Add multicast trace receiver to attic/. Another run of multicast trace reveals fairly nice behavior. It looks like the traffic jams are the fault of ARP, which results from a gaggle of hosts trying to send ping replies. ARP caching will help with that quite a bit. 2013-10-17 16:27:46 -04:00
Adam Ierymenko
d0dbd869c9 Increase verbosity of multicast tracing and fix tap build problem / GitHub Issue #19 2013-10-17 15:20:43 -04:00
Adam Ierymenko
9ece65da23 Fix some old column names in netconf. 2013-10-17 13:52:39 -04:00
Adam Ierymenko
7701e25a45 Merge branch 'adamierymenko-dev' of shub-niggurath.zerotier.com:/git/ZeroTierOne into adamierymenko-dev 2013-10-17 13:08:09 -04:00
Adam Ierymenko
797bba04dd Get rid of not used and maybe never to be used Filter code. 2013-10-17 13:07:53 -04:00
Adam Ierymenko
f7bf9da881 Compile fix for netconf. 2013-10-17 11:22:03 -04:00
Adam Ierymenko
ce14ba9004 Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones. 2013-10-17 06:41:52 -04:00
Adam Ierymenko
555471200c Add DISTINCT to queue query. 2013-10-17 05:40:04 -04:00
Adam Ierymenko
7e7e28f5f7 Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers. 2013-10-17 05:37:01 -04:00
Adam Ierymenko
46f868bd4f Lots of cleanup, more work on certificates, some security fixes. 2013-10-16 17:47:26 -04:00
Adam Ierymenko
58fa6cab43 Auto-pushing of membership certs on: MULTICAST_FRAME,FRAME,MULTICAST_LIKE and on receipt of MULTICAST_LIKE. 2013-10-07 17:00:53 -04:00
Adam Ierymenko
4d594b24bc Automagically push netconf certs -- Network support. 2013-10-07 16:13:52 -04:00
Adam Ierymenko
b4ae1adfbf Break out certificate of membership into its own class. 2013-10-07 15:29:03 -04:00
Adam Ierymenko
dcbc9c8ddd Rename error code for no membership certificate. 2013-10-07 15:21:40 -04:00
Adam Ierymenko
430882327e Couple of small fixes, works again with new ID code. 2013-10-07 15:00:38 -04:00
Adam Ierymenko
2fa2796f2a Another tweak, hopefully final, to reduce variance on identity generation times. 2013-10-07 14:31:13 -04:00
Adam Ierymenko
343b7f44fc Old algo for ID derivation was not in fact memory-hard since Salsa20 is seekable, so take two. 2013-10-07 12:48:27 -04:00
Adam Ierymenko
0c8614b9c6 Add a second arg to idtool generate to make generating both secret and public easier, add new supernode identities after generating them, fix known good and bad IDs in selftest. 2013-10-07 09:36:20 -04:00
Adam Ierymenko
5fa7a92048 Allocate genmem[] since its too big for the stack on some systems. 2013-10-06 05:28:25 -04:00
Adam Ierymenko
bc715fbd51 Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users. 2013-10-05 14:15:59 -04:00
Adam Ierymenko
a31c54b44b Remove an obsolete column from Node table in netconf. 2013-10-05 10:45:23 -04:00
Adam Ierymenko
4267e7da93 Remove a whole bunch of now-unnecessary cruft from Topology and PacketDecoder. 2013-10-05 10:19:12 -04:00
Adam Ierymenko
0e43e5e8f2 Rest of work on new hashcash based identity scheme. 2013-10-05 07:00:55 -04:00
Adam Ierymenko
b0187f4472 Hashcash-based identity, work in progress... committing to test speed on other boxes. 2013-10-05 06:00:47 -04:00
Adam Ierymenko
588a47be89 Some API improvements to C25519 in preparation for that thing I woke up thinking about at 4am. 2013-10-05 05:26:38 -04:00
Adam Ierymenko
ea4e1136dd Flesh out membership certificate with signature, better serialize/deserialize, and rename parameter to qualifier to make better conceptual sense. 2013-10-04 12:24:21 -04:00
Adam Ierymenko
ca6c0fad08 VERSION 0.5.0 - alpha users must rebuild and restart!
Whew. This is a big one. More of a marathon than a sprint.

First, four big things:

1) This version breaks backward compatibility with all prior versions.
It's in alpha, I can do that.

2) The port has changed from 8993 to 9993 to mark this change. Probably
not necessary but why not? Also 8993/UDP turned out to be used by some
enterprise LDAP thingy, which doesn't matter much either but again why
not?

3) This version, unlike previous versions, does NOT auto-join the Earth
network. Soon there will be more than one net, and not everyone is going
to want to get dumped on a flat global LAN right out of the box. To
join Earth use the command line interface:

sudo zerotier-cli join bc8f9a8ee3000001

4) Finally, you will get a different IP on Earth. The whole cryptosystem
has changed and we're not going to bother with continuity issues in
alpha testing.

So what's changed? See the blog:

http://blog.zerotier.com/post/62991430345/alpha-zerotier-one-network-is-down-briefly

The net should be up shortly after this commit. If there are any issues,
0.5.0 will be rapidly followed by 0.5.1. :-) Otherwise the next sprint
will be finishing up support for private networks. Then it's off to the
races with BETA, then Windows. (Decided to move into beta before Windows
in all likelihood.)
2013-10-03 15:57:44 -04:00